Phishing Email Checklist

Quick Answer

A phishing email checklist helps you pause before trusting a suspicious message. Review the sender, links, attachments, urgency, payment or credential requests, branding, and safe reporting options.

What Is a Phishing Email Checklist?

A phishing email checklist is a simple review aid for suspicious messages. It helps users identify warning signs without clicking risky links, opening unexpected attachments, or sharing passwords and payment details.

Sender Checks

Check the sender address carefully

Why it matters: Display names can be spoofed or misleading.

Safe action: Look at the full email address and compare it with the expected organization domain.

Be careful with lookalike domains

Why it matters: Attackers may use small spelling changes or extra words.

Safe action: Do not rely only on the logo or sender display name.

Question unexpected messages

Why it matters: Unexpected invoices, resets, and delivery notices are common bait.

Safe action: Verify through a known official channel.

Link Checks

  • Do not click links from suspicious messages.
  • Hover or inspect links only when safe to do so; compare the destination with the expected domain.
  • Type important website addresses directly into the browser instead of using email links.
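The sender and link checks above can be run by a reviewer's script rather than by eye. The following is an added example, not code from the original page: it reads a constructed sample message, flags a sender domain that is a one- or two-character lookalike of the expected organization domain, and flags links whose visible text points to a different host than the real destination. The `EXPECTED_DOMAIN` value, the two-label domain assumption, and the sample message are all assumptions for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not from the original page): display name claims the
# expected organisation, the address uses a one-character lookalike domain,
# and the link text shows a different destination than its real href.
SAMPLE_EML = """\
From: "Example Corp Billing" <billing@examp1e-corp.com>
Content-Type: text/html

<p>Your payment is overdue. <a href="http://login.examp1e-corp.com/reset">
https://portal.example-corp.com/invoices</a></p>
"""
EXPECTED_DOMAIN = "example-corp.com"  # assumption: the organisation's real domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 or 2 is the 'small spelling change' warned about."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Host part of an email address or URL, lower-cased."""
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    return (urlparse(value).hostname or "").lower()

def is_lookalike(host: str, expected: str = EXPECTED_DOMAIN) -> bool:
    """Assumes a two-label registrable domain (e.g. example-corp.com)."""
    base = ".".join(host.split(".")[-2:])
    return base != expected and edit_distance(base, expected) <= 2

def review_message(raw: str, expected: str = EXPECTED_DOMAIN) -> list[str]:
    """Sender and link checks from the checklist, returned as warnings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = host_of(parseaddr(str(msg["From"]))[1])
    if is_lookalike(sender, expected):
        findings.append(f"sender domain {sender!r} looks like {expected!r}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        shown, real = host_of(text.strip()), host_of(href)
        if shown and shown != real:
            findings.append(f"link text shows {shown!r} but goes to {real!r}")
        if is_lookalike(real, expected):
            findings.append(f"link destination {real!r} looks like {expected!r}")
    return findings
```

Running `review_message(SAMPLE_EML)` yields three warnings: the lookalike sender domain, the mismatch between link text and destination, and the lookalike link destination.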

Attachment Checks

  • Be cautious with unexpected invoices, scans, resumes, compressed files, and macro-enabled documents.
  • Do not open attachments from unknown or suspicious senders.
  • Ask the sender through a known channel when an attachment seems unusual.

Urgency and Pressure Checks

Phishing messages often create fear, urgency, reward, or pressure. Slow down when a message says your account will close, payment is overdue, a prize is waiting, or your manager needs an unusual urgent action.

Payment and Credential Request Checks

Password or OTP request

Why it matters: Legitimate services should not ask for passwords or OTPs by email.

Safe action: Do not reply. Use the official website or support channel.

Payment or bank change

Why it matters: Business email compromise often targets payment workflows.

Safe action: Confirm through a trusted phone number or internal process.

File-sharing login link

Why it matters: Fake login pages can steal credentials.

Safe action: Open the service directly and check whether the file exists.

Remote-access request

Why it matters: Scammers may try to gain device access.

Safe action: Never install tools or share screens from an unsolicited email.

Branding and Language Checks

  • Look for mismatched branding, unusual grammar, broken formatting, and generic greetings.
  • Do not assume a professional design means the email is safe.
  • Compare with messages already available in the official account portal.

What to Do If You Are Unsure

  • Do not click, download, reply, or forward sensitive data.
  • Report the message using your organization’s reporting process when available.
  • For personal accounts, use official support pages or trusted contact methods.
  • If you already clicked or shared credentials, change the password from the official site and enable multi-factor authentication.

For Students and Employees

Students and employees should follow local reporting rules, avoid public shaming of suspected senders, and preserve the message for IT or security teams when asked.

FAQs

A phishing email checklist is a safe review aid for suspicious messages. It helps you check sender details, links, attachments, urgency, payment requests, and credential requests before trusting an email.

No. Avoid clicking suspicious links. Use official websites, known support channels, or your organization’s reporting process instead.

Change the password from the official website, enable multi-factor authentication, sign out of other sessions if possible, and report the incident to the relevant support or security team.

No. Phishing emails can copy logos and formatting. Always review sender details, destination links, request context, and trusted verification channels.